auditdistd - Secure and reliable distribution of audit trail files

Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events.
Audit events are stored in trail files that can be used for postmortem analysis in case of system compromise.
Once the system is compromised, an attacker has access to audit trail files and can modify or delete them.
The auditdistd daemon's role is to distribute audit trail files to a remote system in a secure and reliable way.

The talk will provide background to the Security Event Audit facility in FreeBSD and will describe auditdistd daemon in detail.
The auditdistd daemon is a good example of using modern sandboxing mechanisms, like capsicum.
During the talk audit subsystem and auditdistd daemon will be presented live.